undefined | Better HN

0 pointsAmadou12y ago0 comments

Given that Google has a VC arm, I am stunned every time I run into a VC who uses gmail and other google-hosted services as part of their business. They are handing their competition an enormous chunk of their business proprietary information and trusting them not to peek at it without even a contract.

To me, that level of naivety with respect to operational security is just baffling. All it takes is one unscrupulous person in the right place at Google and those convenient, "free" services could end up costing millions. It isn't like the people in the finance industry have a reputation for being upstandingly moral either.

0 comments

5 comments · 2 top-level

ganeumann12y ago· 3 in thread

For this to be a worry, every person up both branches of a very large hierarchical organization tree--all the way up to where a Google Ventures employee and a Gmail developer both report to the same person--would have to agree to it.

Google Ventures, no matter how spectacularly they might do as VCs, will always be several orders of magnitude less important to Google than Gmail. Google Ventures invests $300 million per year. Say they are always, every year, one of the top VCs so they--every year--deliver 3x on the money invested a few years before. They are still delivering less than $1 billion, less than 2% of Google's revenue.

In reality, it will probably be more like 1%, plus or minus 4%. And also, in reality, it won't be considered revenue, it will be Extraordinary Gains from Non-operational Events, or some such accounting gibberish, and nobody on Wall Street will give them any credit for it.

AmadouOP12y ago

That's ridiculous. The risk isn't institutionalized abuse, the threat is an unscrupulous guy in the Ventures group who has a buddy who works in the gmail (or other) groups. Calls him up one night and says, "Can you do me a big favor? Check out so-and-so and see what he's working on."

It isn't about Google's bottom line on wall street, it is about an individual abusing access to further his own career.

ganeumann12y ago

You make the false assumption that people in different divisions of a very large company would be more likely to help each other outside of the corporate reward structure than they would be to help someone outside the company, who they might just happen to have personal or social obligations to.

If there were an unscrupulous person in the gmail group, he would be more likely to break company policy (and, I think, the law) with someone who does not work for Google than with someone who does, unless it were motivated by someone up the chain at Google itself.

Saying that someone at Gmail is sharing your secrets may be a worry. That they would share them with Google Ventures is far less likely than that they would share them with someone else entirely. And frankly, if someone were to try to profit from stolen information, they'd be looking at hedge fund manager emails and investment banker emails. The very slight edge you might get from seeing some VC's email is worth less than a cup of coffee at Starbucks, if you risk-adjust it and discount it back to the present.

1 more reply

bsullivan0112y ago

"deliver 3x on the money invested a few years before. They are still delivering less than $1 billion, less than 2% of Google's revenue."

That's virtually all profit, not revenue, and WSt would be thrilled. And all you would need a crooked employee to do that. Maybe a GV partner could approach a SRE...ala http://www.sec.gov/news/press/2011/2011-53.htm

Goldman Sachs and PG board member has been corrupted that way, imagine a lowly engineer that could triple his salary in a heartbeat.

giardini12y ago

You are correct about the "one unscrupulous person" but VCs are hardly significant when you consider other options.

Every single aspect of business and government is susceptible to NSA snooping. Had I access and the lack of scruples, I'd much rather read selections from Goldman Sachs' gmail than any VC's; similarly I'd much rather listen to Obama's telephone calls than Paul Graham's. I'd much rather make my investments in the futures market based on e-mails from high-ranking officials in the DOD than on those from any social networking VC. I could make more money (or have more influence, etc.) that way.

As you say, it takes only "one unscrupulous person". So how common is unscrupulous behavior among highly-trained and highly-screened sysadmins? My bet, no less than 5 in every 100 would be unscrupulous, at least 1 in 100 would be absolute psychopaths, and possibly 1 in 200 would be unscrupulous enough and have sufficient social/business skills to take it to the bank in a big way (I'm talking serious crime/spying/nation-selling).

There may be "Snowdens" out there that we don't know about - persons who are now selling us (corporations, person, and nations) down the river for a few million dollars.

The NSA has put the nation in a very precarious situation.

j / k navigate · click thread line to collapse